Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Allow users to change password

  • 29-09-2004 11:49am
    #1
    Registered Users, Registered Users 2 Posts: 218 ✭✭


    I have a simple asp login page using an access database I would like to make a page for users to change their passwords. Is this difficult to do? I had a look on Google for something ready to use but I couldn’t find anything.
    Here is the code I am using for my login page

    <%
    'here is the connection string
    Set conn = server.createobject("adodb.connection")
    'this connection uses JET 4 it is the prefered method of connecting to an access database
    DSNtemp = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.Mappath("/slog/login.mdb")
    'if you cant use JET then comment out the line above and uncomment the line below
    'DSNtemp="DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.Mappath("/slog/login.mdb")
    conn.Open DSNtemp
    
    'here we are getting the info from the login form
    If InStr(Request.Form("uid"),"'") Then
    uid = Replace(Request.Form("uid"),"'"," ")
    Else
    uid = Request.Form("uid")
    End If
    If InStr(Request.Form("pwd"),"'") Then
    pwd = Replace(Request.Form("pwd"),"'"," ")
    Else
    pwd = Request.Form("pwd")
    End If
    
    'now we will querry the database for a match
    SQL = "Select * From users Where uid = '" & uid & "' And pwd = '" & pwd & "'"
    Set RS = Conn.Execute(SQL)
    
    'if the user is found we will set the session okeydokey to TRUE allowing the user to gain entrance
    If Not RS.EOF Then
      Session("okeydokey") = True
    	
    	'always always always destroy recordsets and close connections!
    	Set RS = Nothing
    	Conn.Close
    
    'since the user was found, we sent them toodling on to the next page	
    '########################################################################################################
    '##### IN THE LINE BELOW CHANGE INDEX2.ASP TO THE PAGE YOU WANT THE USERS TO BE DIRECTED TO
      Response.Redirect "index2.asp"
    Else
       
       'ooops if we got this far they dont know their login info or arent in the database
    	'AGAIN always always always destroy recordsets and close connections!
    	Set RS = Nothing
    	Conn.Close
      'so we send em back to try again	
      Response.Redirect "incorrect_log_in.htm"
    '#####  CHANGE INDEX.ASP IN THE LINE ABOVE TO THE NAME OF THE PAGE WHERE
    '#####  WHERE YOU PLACED THE LOGIN TABLE. LEAVE IT IN QUOTES!!!!!!!!!!!!
    '##################################################################################
      
    End If
    %>
    


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    It should be simple enough.

    Most change password screen ask for the user's old password, then the new one twice.

    So if you use an amalgamation of the login page and the script used to set the password originally, it should be easy enough.

    Basically you want a page which takes the three fields (old password, new password 1, new password verify) from a form, then
    a) Checks that the new password fields are the same, exiting and giving an error if not
    b) Checks that the old password is correct (basically logging in without setting any cookies), if it doesn't exit and give an error
    c) Puts whatever hashing or encryption on the new password, and entering that into the database.

    At that point, you can do one of two things - Update the Session/Cookie so that it contains the new password,...or....log the person out and ask them to log back in with their new password (i.e. create a new session).

    I don't know ASP, so I can't give you any code. :)


  • Registered Users, Registered Users 2 Posts: 885 ✭✭✭clearz


    As seamus said I would create a page with an old password field and an new password field and a confirm new password field. You know the type. Then insert it into the database using something like

    if oldPassword = passwordStoredInSessionCookie

    UPDATE userDetails SET password = newPass WHERE username = userGotFromSessionObject AND password = oldPassword


  • Moderators, Politics Moderators Posts: 41,234 Mod ✭✭✭✭Seth Brundle


    clearz wrote:
    As seamus said I would create a page with an old password field and an new password field and a confirm new password field. You know the type. Then insert it into the database using something like

    if oldPassword = passwordStoredInSessionCookie

    UPDATE userDetails SET password = newPass WHERE username = userGotFromSessionObject AND password = oldPassword
    I would also update the value of passwordStoredInSessionCookie when at it!


  • Registered Users, Registered Users 2 Posts: 218 ✭✭Callan


    Can someone please help me with this code I keep getting an error

    Microsoft JET Database Engine error '80004005'
    Operation must use an updateable query.
    /qsc/management_db/change.asp, line 47
    <%
    'here is the connection string
    Set conn = server.createobject("adodb.connection")
    'this connection uses JET 4 it is the prefered method of connecting to an access database
    DSNtemp = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.Mappath("users.mdb")
    conn.Open DSNtemp
    Set RS = Server.CreateObject("ADODB.Recordset")
    
    'here we are getting the info from the login form
    If InStr(Request.Form("uid"),"'") Then
    uid = Replace(Request.Form("uid"),"'"," ")
    Else
    uid = Request.Form("uid")
    End If
    
    If InStr(Request.Form("pwd"),"'") Then
    	pwd = Replace(Request.Form("pwd"),"'"," ")
    Else
    	pwd = Request.Form("pwd")
    End If
    
    If InStr(Request.Form("pwd0"),"'") Then
    	pwd0 = Replace(Request.Form("pwd0"),"'"," ")
    Else
    	pwd0 = Request.Form("pwd0")
    End If
    
    If InStr(Request.Form("pwd1"),"'") Then
    	pwd1 = Replace(Request.Form("pwd1"),"'"," ")
    Else
    	pwd1 = Request.Form("pwd1")
    End If
    
    if pwd0 <> pwd1 then
    	Set RS = Nothing
    	Conn.Close
    	response.redirect("http://www.google.ie")
    else	
    	SQL = "Select * From People Where IDSID = '" & uid & "' And Pass = '" & pwd & "'"
    	Set RS = Conn.Execute(SQL)
    	IF RS.EOF THEN
    			response.write("wrong pass/username")
    			Set RS = Nothing
    			Conn.Close
    	Else
    		SQL = "UPDATE People SET Pass = '" & pwd0 & "' WHERE IDSID = '" & uid & "'"
    		Set RS = Conn.Execute(SQL)		
    		Set RS = Nothing
    		Conn.Close
    		Response.write("hopefully changed")
    	end if	
    End if
    %>
    


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    http://www.aspemporium.com/aspEmporium/help/helpsys.asp?PRB022

    Google is your friend.

    Check the IISUSER's (or whatever login the ISS process is running under) permissions to write to the directory where your DB is located.


  • Advertisement
Advertisement